I'm running Linux Mint and have a 2TB drive that I formatted as NTFS. I copied ~120GB of files from another computer to the 2TB drive, removing the files from the other computer as I did so. When they were all on the 2TB drive, I zipped them up as file "Gold.tar.gz".

Then I reformatted the 2TB drive as ext3 in a moment of absolute stupidity.

I formatted the 2TB back to NTFS, but of course everything is gone. Here is what I have tried:

1. TestDisk -- won't find any lost partitions or undelete files, just the current empty one
2. PhotoRec -- seems to only find some broken text files and misidentify their extensions. It never finds the 100's of avi files I had (before the 120GB copy, I already had 750GB on the drive full of avi files) or anything else that would show me it's working properly.

Using dd I recovered the first 512MB of the drive and went hunting through it. I found all of the file as MFT entries, including the file "Gold.tar.gz" in a 2048 byte MFT record. I'm looking now for some way of either (1) telling PhotoRec to look at that record, or (2) analyze the MFT record myself and discover the sectors holding the data; I can piece it all together using dd and join the binary output if it's fragmented.

One last thing - from the moment I got this drive a few days ago to the incident, there were only file copies made to it and no deletes. I formatted as NTFS, then copied thousands of files, then made a tar.gz, then reformatted to ext3, then reformatted to NTFS again. I'm hoping that the size of the drive and fact that there was no file modification/deleting happening makes for minimal file fragmentation.